OpenClaw Malware Tricks Users Into AMOS Infection via Password Entry

In recent cybersecurity research, TrendAI has identified a disturbing shift in the way the Atomic Stealer (AMOS) malware is being distributed.

Historically, AMOS, a malware-as-a-service (MaaS) designed to steal sensitive data from Apple devices, was spread via cracked macOS software.

However, the trend has now evolved, with attackers using OpenClaw skills to trick users into manually entering passwords, ultimately leading to the infection of devices with AMOS.

OpenClaw is an AI agent platform that can execute various “skills” to perform tasks. In this new attack vector, AMOS is delivered via malicious OpenClaw skills that manipulate AI agents to install malware.

The skill appears harmless at first, with instructions that seem benign and even pass VirusTotal scans. However, when the AI agent follows these instructions, it installs a fake command-line interface (CLI) tool on the user’s system, which then installs the AMOS malware.

According to Trend Micro, the infection chain begins with an innocuous-looking SKILL.md file that prompts the installation of the OpenClawCLI tool. The skill then silently fetches additional installation instructions from a malicious website.

Depending on the model used, such as GPT-4o, the malware may either be silently installed or repeatedly prompt the user to install a “driver” that turns out to be malicious.

This is a significant evolution in the tactics, techniques, and procedures (TTPs) used by AMOS, marking a move from traditional social engineering to AI-based manipulation.

Malware Payload and Data Exfiltration

Once the malicious skill is installed, it triggers the download of a Mach-O universal binary file that can run on both Intel- and Apple Silicon-based Macs.

This binary is designed to steal a wide range of sensitive data, including credentials from Apple and KeePass keychains, files from the Desktop, Documents, and Downloads folders, and even data from Apple Notes.

In addition, the malware can harvest system information and other credentials from 19 different browsers, including saved passwords and autofill data.

The stolen data is then compressed and uploaded to a remote command-and-control (C&C) server, where cybercriminals can access it.

This exfiltration includes not only personal files but also more critical information, such as private keys, certificates, and credentials for cryptocurrency wallets.

Protecting Against The Threat

TrendAI has taken steps to ensure that its customers are protected against this evolving threat.

Managed Detection and Response (MDR) services are actively blocking AMOS-related domains and detecting malicious behaviors. Additionally, all detected malicious OpenClaw skills are flagged and removed, preventing further infections.

For organizations it’s crucial to test unverified OpenClaw skills in a controlled environment.

TrendAI recommends using isolated testing machines and containers to mitigate the risks of AI-based attacks. By adopting robust security measures and leveraging continuous monitoring, businesses can better protect themselves from the evolving threat landscape.

Key	Value	Stack Location
0	0x36750d22b0363d3f	stack-0x20
1	0xb88c7cabb1500fec	stack-0x18
2	0x9f74da101cad6a49	stack+0x18
3	0x2ba0fa21a3924246	stack+0x20
4	0x22b3e52e351a0393	stack+0x28
5	0xb423da07ae830ad0	stack+0x30

AMOS is not a new threat, but its operators continue to innovate in how they distribute the malware. From cracked software to poisoned AI agent skills, attackers are constantly evolving their tactics.

TrendAI’s MDR solutions are critical in identifying and neutralizing such threats in real time, preventing large-scale data breaches and minimizing damage.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post OpenClaw Malware Tricks Users Into AMOS Infection via Password Entry appeared first on Cyber Security News.